Monday, 6 May 2013
Security Awareness Training: Why Every Business Needs It
Definition of the Direction of Threats
The threat from outside is usually better understood by company management than the threat from within. The internal threat is not just from unhappy employees. The employee who is unaware and untrained is the biggest threat. Employees who have not undergone security awareness training hurt the company by visiting Internet sites that have active malware. They often respond to emails that are phishing attacks and often keep their login and password information stored in an unprotected manner. Some uninformed employees may never think of the damage they do when discussing company projects in social gatherings, both on company time and outside the confines of the company facilities.
Why the Level of Training Intensity Must Be High
The only way to ensure that employees are not damaging the company, inadvertently or knowingly, is to set up mandatory company security awareness training programs. Every existing employee must be required to take this training when the program is started. New employees should be required to undergo security awareness training before starting their new job. This training should also require successful completion of a test to ensure a working knowledge of this vital topic has been received and understood. Update training should be required on a recurring basis as well.
Training should be much more than an hour or two of classroom training. The company needs its own website that is dedicated to the security awareness of the company. Each employee should receive random hints and reminders by email, and posters on security should be posted in prominent places throughout the company facilities.
In this manner, every company can have an increased level of confidence that each employee is knowledgeable about company policies and procedures on the security of any information relating to the personnel, products or projects of the company. This type of security awareness training is the only way that employees will know, understand and put to use the best practices expected by company management.
Getting Started with Security Awareness Training
At the beginning, if the company does not have personnel trained in the curriculum for this training, it may be desirable for select employees to attend outside training in order to learn what is needed. Having the company's own personnel return to oversee this type of training sets the tone about the seriousness of this type of training.
Peter Wendt is a writer from Austin, TX, who has researched a lot on the topic of malware and computer security, and highly recommends this security awareness training program for businesses and employees.